Tom Rolvers

MSRC Case: When Temporary Global Admin Rights Don’t Expire in Microsoft Entra PIM A confirmed and fixed Microsoft Entra PIM flaw reported to MSRC - learn what happened, how it was fixed, and what admins should check.

Ever seen PIM throw ‘CannotDeleteLastAdminAssignment’?

🧩I ran into a strange edge case that ended up as an MSRC report, Microsoft confirmed and fixed it.

Full write-up 👇
🔗 azurewithtom.com/posts/MSRC-C...

#MVPBuzz

Windows Autopatch Client Broker: What It Is, When to Use It, and Why It Matters In this post, we’ll break down what it does, when you need it, and how to align it with your organization’s update strategy.

Reminder for #WindowsAutopatch admins:
Migrate to the Win32 Client Broker for better reliability and on-demand deployment. Script-based installs still work, but the Win32 app is the new standard.
➡️ azurewithtom.com/posts/Manage...

Windows Autopatch Client Broker: What It Is, When to Use It, and Why It Matters In this post, we’ll break down what it does, when you need it, and how to align it with your organization’s update strategy.

🚀 New blog post: Windows Autopatch Client Broker – What It Is and Why It Matters

After sharing the new Autopatch capabilities, I got a lot of questions about the Client Broker.
Good news: it’s getting an update!

Read here 👉 azurewithtom.com/posts/Manage...

#Microsoftsecurity #Intune #MVPBuzz

Say Goodbye to Basic Authentication in Exchange Online: What You Need to Know Prepare for the deprecation of Basic Authentication in Exchange Online by September 2025. Start detect legacy sign-ins (including ROPC) using Microsoft Entra ID, disabling Basic Auth in Microsoft 365,...

🚨 Call to action 🚨

Starting September 2025, Microsoft will permanently disable Basic Authentication for SMTP AUTH.

I just published a new blog post about this:
azurewithtom.com/posts/Say-go...

#Microsoft365 #ExchangeOnline #MicrosoftEntra

Whats New in Windows Autopatch Learn how Windows Autopatch lets you orchestrate updates for Windows, Microsoft 365 Apps, Microsoft Edge, and Teams. All from a single automated solution. Discover what’s new in 2025, including hotpat...

Windows Autopatch just got better in 2025:
✅ Hotpatching for Win11
✅ Better reporting in Intune
✅ Now for Business Premium

azurewithtom.com/posts/Whats-...

I wrote a quick rundown on what’s new + how to get started:

#Windows11 #Autopatch #Intune #Hotpatch #MicrosoftSecurity

Implementing Attack Surface Reduction Policies Start implement Microsoft’s Attack Surface Reduction (ASR) policies today!

New blogpost!

Implementing "Attack Surface Reduction" policies is in my opinion mandatory.
If you have not yet touched this feature, please make sure to give it a shot and configure it!

azurewithtom.com/posts/Attack...

#ASRrules #MicrosoftSecurity #AttackSurfaceReduction #Hardening #MDE

E5 Security Addon Now Available to Microsoft 365 Business Premium Enhance your Microsoft 365 Business Premium security with the E5 Security Addon. Gain access to advanced Defender features and security hardening tools.

🚀 Microsoft 365 Business Premium has a new friend! 🔐

You can now add the E5 Security Add-on!

📢 Important: Check out if your license state is correct!

🔗 Read more about it: azurewithtom.com/posts/E5-Sec...

#Entra #E5Security #MDO #MDE #MicrosoftDefender #Microsoft

The hidden danger of device code phishing Currently there is a peak in abuse of device codes which are gathered by phishing attempts

A small write-up about Device Code abuse.

Microsoft recently revealed an ongoing phishing campaign by Storm-2372, targeting authentication methods that use device codes.
#EntraID #RestrictDeviceCode #ClientID #Microsoft

azurewithtom.com/posts/The-hi...

🚨 𝐉𝐨𝐢𝐧 𝐮𝐬 𝐨𝐧 𝐌𝐚𝐫𝐜𝐡 6𝐭𝐡 𝐟𝐨𝐫 #Yellowhat 👷 A 𝒈𝒍𝒐𝒃𝒂𝒍 𝒍𝒊𝒗𝒆𝒔𝒕𝒓𝒆𝒂𝒎 dedicated to Microsoft Security 🥷 Ticket sales NOW OPEN for live-audience (𝘈𝘮𝘴𝘵𝘦𝘳𝘥𝘢𝘮): yellowhat.live 𝘌𝘹𝘵𝘳𝘦𝘮𝘦𝘭𝘺 𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘲𝘶𝘢𝘯𝘵𝘪𝘵𝘺!

Optimize your SOC with SIEM and XDR Recommendations Use the Microsoft XDR optimization feature to improve a unified SIEM and XDR environment

New blogpost:

Check out my latest blog post on the new Unified Coverage Management experience in the Microsoft Defender portal.

Sentinel and your XDR unified

azurewithtom.com/posts/Optimi...

#Cybersecurity #MicrosoftSentinel #XDR #Optimization #UnifiedCoverage #MITREATTACK

Workplace Ninjas Norway 2025: Call for Speakers Join us at Workplace Ninjas Norway 2025  where IT experts and community leaders come together to share knowledge, best practices, and the latest advan...

I have submitted my session “Behind the Scenes of Phishing: Understanding and Defending Against AitM Attacks” for speaking at Workplace Ninjas Norway 2025.

Have you submitted a session already? You have until 28 February to submit one yourself!

sessionize.com/workplace-ni...

Bringing Microsoft Sentinel Workbooks to the Microsoft XDR Portal Microsoft has added the Microsoft Sentinel Workbooks to the XDR portal

🚀 You can now access Microsoft Sentinel Workbooks directly in the Microsoft XDR portal!

No more jumping between portals. 🎯
azurewithtom.com/posts/Bringi...

#Cybersecurity #MicrosoftSentinel #XDR #Workbooks

Upload your analytic rules to Azure Devops Today we will create our detection rules and make them available in Azure Devops

🚀 New Blog Alert: Store your fresh created detection rules in Devops

I will post more of these blogs in the future on how to deploy the rules, use a pipeline and automate validation.

azurewithtom.com/posts/Upload...

Got feedback? Please let me know!

Should be all set now! ✊

Generate ready to use analytic rules We will use a script I recently created to generate a set of analytic rules, ready to be used in Microsoft Sentinel.

Hey @merill.net 👋, I just got in on Bluesky! Am I late to the party?

I also added Bsky to my web blog to share pages. Due to a nice upgrade I am able to deploy blogs easier now. So expect some new ones on here.

Thanks for having me motivated to check this out!

azurewithtom.com/posts/Genera...